Re: Intention to tighten RPM crypto-policy back

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Sep 19, 2023 at 10:20 AM Alexander Sosedkin
<asosedkin@xxxxxxxxxx> wrote:
>
> Hello,
>
> 6 months ago, there's been a F38 blocker: https://pagure.io/fesco/issue/2960
> Long story short:
> RPM has moved to sequoia,
> sequoia has started respecting crypto-policies,
> Google repos have been signed with a 1024-bit DSA key,
> Google Chrome was not installable => F38 blocker.
> Back at the time, it's been hastily "resolved"
> by relaxing RPM security through crypto-policies
> just enough to tolerate that Google signature:
> https://bugzilla.redhat.com/show_bug.cgi?id=2170878
> https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/merge_requests/129
>
> Since then it has been brought to my attention that
> Google has now added a 4096 bit RSA key
> https://www.google.com/linuxrepositories/
> (EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796)
>
> Because of that, I'd like to revert that RPM policy relaxation
> https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/commit/a12f7b20638be8f872ad1995c7d2edce41c227b5
> in (f39) rawhide and align RPM security with the rest of the policy.
>
> Thoughts / feedback?

I think it should be done as a system wide change so it can have the
appropriate review but it seems we're better off than we were.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux